BSides Munich 2025

Unmasking the Unseen: Effortless Linux Malware Reversing with LLMs
2025-11-17, Westin, Munich

While the threat of Linux malware grows, its complexity is often overestimated. Many samples lack sophisticated obfuscation, which makes them well suited to automated analysis. This talk introduces a methodology that integrates Large Language Models (LLMs) directly into the reverse engineering workflow. We will demonstrate how to pair an LLM with a disassembler to automate the analysis of Linux binaries and generate detailed functional reports in minutes. Attendees will gain practical techniques for using AI to speed up threat hunting and to unmask the inner workings of Linux malware far faster than manual reversing alone.

Despite Linux's pervasive use in servers and IoT, its malware landscape remains significantly under-researched, which often leads to a perception of high sophistication. This talk challenges that notion by demonstrating that many Linux malware samples are surprisingly straightforward, with authors frequently forgoing robust obfuscation. This lack of complexity creates an opportunity for analysis at scale.

Building on this accessibility, the core of this presentation is a practical demonstration of a workflow for large-scale malware analysis. We will show how LLMs, when fed the output of a disassembler, can take over much of the reverse engineering process. The relative simplicity of many Linux samples makes them ideal candidates for LLM-assisted analysis, allowing functional reports to be generated rapidly and automatically.

Attendees will leave with:

Practical insights and tips for integrating LLMs into their own binary analysis workflows.

An understanding of how to automate the tedious aspects of reverse engineering, freeing up time for deeper threat intelligence.

A methodology for rapidly triaging and reporting on Linux malware functionality.

Finally, this talk places our methodology within the broader context of AI's impact on cybersecurity. We will critically examine the pitfalls and limitations of relying solely on LLMs, underscoring the indispensable role of human expertise in validating AI outputs before they are acted on. This session provides a balanced look at the future of analysis, offering a roadmap for the responsible and effective integration of AI into modern security research.

Keywords: Reverse Engineering, Linux Malware, LLMs

Remco is a Principal Security Researcher at Elastic's Security Labs, specializing in reversing and analyzing malware, particularly in the Linux domain. With a rich background as a forensic investigator for the Dutch Police, he brings a unique blend of law enforcement and cybersecurity expertise. At Elastic, Remco focuses on dissecting malware families, contributing to the development of innovative security strategies. His work is integral in understanding and mitigating emerging cyber threats, leveraging his extensive experience in digital forensics and threat analysis.